CVE-2024-52318: Apache Tomcat: Incorrect JSP tag recycling leads to XSS

Vendor: Apache Software Foundation
Product: Apache Tomcat
Published: November 18, 2024
Last update: January 31, 2025

CVSS base score

What the vulnerability does

Description

Apache Tomcat contains an incorrect object recycling and reuse vulnerability. The affected versions are 11.0.0, 10.1.31 and 9.0.96. Users are recommended to upgrade to version 11.0.1, 10.1.32 or 9.0.97, which fix the issue.

Key dates

Disclosure timeline

November 18, 2024: CVE published
January 31, 2025: Record updated